Security News > 2022 > May > Iran-linked Cobalt Mirage extracts money, info from US orgs – report
The Iran-linked Cobalt Mirage crew is running attacks against America for both financial gain and for cyber-espionage purposes, according to Secureworks' threat intelligence team.
For the espionage strikes, Cobalt Mirage pulls off targeted intrusions to gain access and collect intelligence, though the snoops appear to be experimenting with ransomware here as well, the threat hunters wrote.
Cobalt Mirage in the past has targeted organizations in America as well as Europe, Israel, and Australia using scan-and-exploit tools to gain initial access into the networks.
In January, Cobalt Mirage exploited a ProxyShell flaw to get access into a philanthropic organization's network.
The long tail of Log4J. In March, Cobalt Mirage used the widespread Log4j vulnerabilities to gain access into the VMware Horizon infrastructure of a local government network.
Code in the file also was identified in the PowerlessCLR remote access trojan and hosted on an address used by Cobalt Mirage.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/13/cobalt-mirage-ransomware/